| 1 |
Speaking as a professional paranoid (and a long-time lurker on this |
| 2 |
list), I'd prefer to see PGP/GnuPG signature verification as a default |
| 3 |
setting. Trusting the MD5 hash, as the sole guarantor of integrity, is |
| 4 |
insane ^h^h^h^h^h^himprudent, and invites mischief. |
| 5 |
|
| 6 |
As far as key distribution goes, you can either use: |
| 7 |
|
| 8 |
1) the straight-up 'web-of-trust' option using PGP keys. This would be |
| 9 |
onerous because it would require every key to be manually imported, |
| 10 |
e.g., from every development group |
| 11 |
|
| 12 |
2) the CA model, where X.509 keys are issued to developers but descended |
| 13 |
from a common (private) root. Verification of a given cert would require |
| 14 |
showing only that the cert came from the trusted chain and hasn't been |
| 15 |
revoked: |
| 16 |
|
| 17 |
openssl verify [-CApath directory] cert.pem |
| 18 |
|
| 19 |
...plus a script for pulling and using the CRLs. |
| 20 |
|
| 21 |
Both approaches have their pros and cons. |
| 22 |
|
| 23 |
Andrew |
| 24 |
|
| 25 |
J Holder wrote: |
| 26 |
> Ed Grimm said: |
| 27 |
> |
| 28 |
>>On Tue, 17 Feb 2004, Brian Klauss wrote: |
| 29 |
>> |
| 30 |
>> |
| 31 |
>>>What I don't understand then is the problem with security of ebuilds. |
| 32 |
>>>If we can validate that the MD5 hash is consistent with the published |
| 33 |
>>>hash, then the package would be considered secure and case is |
| 34 |
>>>effectively closed? |
| 35 |
>>>Right? |
| 36 |
>> |
| 37 |
>>And how do you know the published hash? Are there not entities in the |
| 38 |
>>datastream that could alter both the file you download and the MD5 that |
| 39 |
>>you download? Especially if, as I think I've seen, emerge gets the MD5 |
| 40 |
>>hash from the same source as it gets the source packages. However, even |
| 41 |
>>in the case of multiple mirrors, either the primary FTP server could've |
| 42 |
>>been cracked, or the datastream could be hijacked at the local ISP, |
| 43 |
>>inserting an altered datasream for each file. |
| 44 |
>> |
| 45 |
>>Using a PGP/GPG signature would reduce the questions of trust down to |
| 46 |
>>'do we trust the gentoo devs', 'do we trust PGP', and 'do we trust the |
| 47 |
>>PGP signature'. Right now, we're also having to trust the primary FTP |
| 48 |
>>server, our local mirror, and all the net in between them and us, |
| 49 |
>>including our ISP, as they're all placed such that they could substitute |
| 50 |
>>alternate versions of both files, and we'd be none the wiser. Some |
| 51 |
>>people believe that is perfectly acceptable. Others do not. |
| 52 |
>> |
| 53 |
>>One could use an X509 sig instead of a PGP sig, although my impression |
| 54 |
>>is that fewer people are familiar with those. On the other hand, they |
| 55 |
>>do have a more refined chain of trust (at least, if you go with an |
| 56 |
>>existing CA rather than your own.) |
| 57 |
> |
| 58 |
> |
| 59 |
> I tend to agree with this point. So far extreme vigilance on the part of |
| 60 |
> the gentoo admins protected us from a potential problem when there was |
| 61 |
> previously a breakin. But in the long run, PGP or some similar |
| 62 |
> alternative would be a whole lot safer. |
| 63 |
> |
| 64 |
> The really big issue is getting that kind of infrastructure in place. Do |
| 65 |
> we have each gentoo dev sign the files he/she is responsible for? I think |
| 66 |
> we can dismiss the possibility of using one key to sign everything. Maybe |
| 67 |
> a key for each software group would be feasible? |
| 68 |
> |
| 69 |
> |
| 70 |
> -- |
| 71 |
> gentoo-security@g.o mailing list |
| 72 |
> |
| 73 |
|
| 74 |
|
| 75 |
-- |
| 76 |
Andrew Jaquith |
| 77 |
Program Director |
| 78 |
@stake, Inc. |
| 79 |
196 Broadway |
| 80 |
Cambridge, MA 02139 |
| 81 |
USA |
| 82 |
|
| 83 |
Direct: 617.768.2711 |
| 84 |
Mobile: 617.501.3278 |
| 85 |
Fax: 617.621.1478 |
| 86 |
Email: ajaquith@×××××××.com |
| 87 |
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x898CF546 |
| 88 |
|
| 89 |
|
| 90 |
-- |
| 91 |
gentoo-security@g.o mailing list |
Archives